search

bits-and-blooms / bitset

Go package implementing bitsets
BSD 3-Clause "New" or "Revised" License
1.34k stars 175 forks source link

Add minimum permissions to workflow #118

Closed gabibguti closed 1 year ago

gabibguti commented 1 year ago

Adding minimum permissions to your workflows help keep your repository safe against supply-chain attacks. I see the repo only uses one workflow test.yml for testing and this workflow just needs contents: read permission to run actions/checkout. If you agree with these changes, I can open a PR!

This is considered good-practice and recommended by GitHub itself and other security tools, such as Scorecards and StepSecurity.

Additional context

I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)

willf commented 1 year ago

I like it!

lemire commented 1 year ago

It is not controversial.

Go !!!